In the movie War Games, the main character cracks the password of his
high school's computer system. And he doesn't use a password-cracking
program to do it. He simply looks for a piece of paper that contains a password
list, and finds it taped to the bottom of a desk drawer in the school's
office.

How can you keep people from writing passwords on a piece of paper taped to
their workstations? Instead of using passwords for authentication, consider
implementing smartcards. A smartcard is a device the size of a credit
card, with a security chip that can be used for logon authentication, remote
access, entry-control systems, and more (see Figure 1).

Figure 1 For something the size of a credit card, a smartcard packs a wallop of
security.

When you use a smartcard, you get a two-factor authentication system:

Users must have the smartcard to log onto the computer.

Smartcards typically require a personal identification number
(PIN).

The typical analogy for smartcard usage is the automated teller machine (ATM)
card. You insert the card into the reader and enter a PIN to gain access to your
account. As long as you don't write your PIN on the card, you need both
items (the PIN and the card) to access the account. That's a
valuable level of security.

NOTE

Smartcards are just the beginning. Some manufacturers add biometric
authentication to smartcard authentication, creating three-factor
authentication. For example, a thumbprint scanner, smartcard, and PIN might be
required to access a system.

Your Equipment Shopping List

Let's assume that you're fed up with passwords and you're
ready to buy into smartcards and PINs for your Windows Server 2003 or Windows XP
system. What stands between you and smartcard authentication bliss?

The obvious first step is to acquire smartcards and smartcard readers. The
Microsoft Web site has a list of smartcard readers that are compatible with
Windows Server 2003 and Windows XP.

A wide variety of smartcard readers are available these days, using USB,
RS-232, and PC-Card standards. I've found smartcard readers that support
Windows Server 2003/XP at retail prices of $20 to $40 each. Each smartcard
typically costs $5-16. Of course, discounts are available if you look hard
enough, buy in bulk, and negotiate well. Several computer and motherboard
manufacturers are even building smartcard readers into their products; you might
investigate this option when buying new equipment.

Selecting a single smartcard type and manufacturer for your systems makes
administration and implementation easier. You'll see why later in this
article.